@contractspec/lib.identity-rbac 1.57.0 → 1.58.0

package/dist/browser/contracts/organization.js

@@ -0,0 +1,655 @@
+// src/contracts/user.ts
+import { SchemaModel, ScalarTypeEnum } from "@contractspec/lib.schema";
+import { defineCommand, defineQuery } from "@contractspec/lib.contracts";
+var OWNERS = ["platform.identity-rbac"];
+var UserProfileModel = new SchemaModel({
+  name: "UserProfile",
+  description: "User profile information",
+  fields: {
+    id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    emailVerified: { type: ScalarTypeEnum.Boolean(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },
+    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var CreateUserInputModel = new SchemaModel({
+  name: "CreateUserInput",
+  description: "Input for creating a new user",
+  fields: {
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    password: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }
+  }
+});
+var UpdateUserInputModel = new SchemaModel({
+  name: "UpdateUserInput",
+  description: "Input for updating a user profile",
+  fields: {
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true }
+  }
+});
+var DeleteUserInputModel = new SchemaModel({
+  name: "DeleteUserInput",
+  description: "Input for deleting a user",
+  fields: {
+    confirmEmail: { type: ScalarTypeEnum.EmailAddress(), isOptional: false }
+  }
+});
+var SuccessResultModel = new SchemaModel({
+  name: "SuccessResult",
+  description: "Simple success result",
+  fields: {
+    success: { type: ScalarTypeEnum.Boolean(), isOptional: false }
+  }
+});
+var UserDeletedPayloadModel = new SchemaModel({
+  name: "UserDeletedPayload",
+  description: "Payload for user deleted event",
+  fields: {
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }
+  }
+});
+var ListUsersInputModel = new SchemaModel({
+  name: "ListUsersInput",
+  description: "Input for listing users",
+  fields: {
+    limit: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },
+    offset: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },
+    search: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }
+  }
+});
+var ListUsersOutputModel = new SchemaModel({
+  name: "ListUsersOutput",
+  description: "Output for listing users",
+  fields: {
+    users: { type: UserProfileModel, isOptional: false, isArray: true },
+    total: { type: ScalarTypeEnum.Int_unsecure(), isOptional: false }
+  }
+});
+var CreateUserContract = defineCommand({
+  meta: {
+    key: "identity.user.create",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "create"],
+    description: "Create a new user account.",
+    goal: "Register a new user in the system.",
+    context: "Used during signup flows. May trigger email verification."
+  },
+  io: {
+    input: CreateUserInputModel,
+    output: UserProfileModel,
+    errors: {
+      EMAIL_EXISTS: {
+        description: "A user with this email already exists",
+        http: 409,
+        gqlCode: "EMAIL_EXISTS",
+        when: "Email is already registered"
+      }
+    }
+  },
+  policy: {
+    auth: "anonymous"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "user.created",
+        version: "1.0.0",
+        when: "User is successfully created",
+        payload: UserProfileModel
+      }
+    ],
+    audit: ["user.created"]
+  }
+});
+var GetCurrentUserContract = defineQuery({
+  meta: {
+    key: "identity.user.me",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "profile"],
+    description: "Get the current authenticated user profile.",
+    goal: "Retrieve user profile for the authenticated session.",
+    context: "Called on app load and after profile updates."
+  },
+  io: {
+    input: null,
+    output: UserProfileModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+var UpdateUserContract = defineCommand({
+  meta: {
+    key: "identity.user.update",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "update"],
+    description: "Update user profile information.",
+    goal: "Allow users to update their profile.",
+    context: "Self-service profile updates."
+  },
+  io: {
+    input: UpdateUserInputModel,
+    output: UserProfileModel
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "user.updated",
+        version: "1.0.0",
+        when: "User profile is updated",
+        payload: UserProfileModel
+      }
+    ],
+    audit: ["user.updated"]
+  }
+});
+var DeleteUserContract = defineCommand({
+  meta: {
+    key: "identity.user.delete",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "delete"],
+    description: "Delete user account and all associated data.",
+    goal: "Allow users to delete their account (GDPR compliance).",
+    context: "Self-service account deletion. Cascades to memberships, sessions, etc."
+  },
+  io: {
+    input: DeleteUserInputModel,
+    output: SuccessResultModel
+  },
+  policy: {
+    auth: "user",
+    escalate: "human_review"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "user.deleted",
+        version: "1.0.0",
+        when: "User account is deleted",
+        payload: UserDeletedPayloadModel
+      }
+    ],
+    audit: ["user.deleted"]
+  }
+});
+var ListUsersContract = defineQuery({
+  meta: {
+    key: "identity.user.list",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "admin", "list"],
+    description: "List all users (admin only).",
+    goal: "Allow admins to browse and manage users.",
+    context: "Admin dashboard user management."
+  },
+  io: {
+    input: ListUsersInputModel,
+    output: ListUsersOutputModel
+  },
+  policy: {
+    auth: "admin"
+  }
+});
+
+// src/contracts/organization.ts
+import { ScalarTypeEnum as ScalarTypeEnum2, SchemaModel as SchemaModel2 } from "@contractspec/lib.schema";
+import { defineCommand as defineCommand2, defineQuery as defineQuery2 } from "@contractspec/lib.contracts";
+var OWNERS2 = ["platform.identity-rbac"];
+var OrganizationModel = new SchemaModel2({
+  name: "Organization",
+  description: "Organization details",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    onboardingCompleted: { type: ScalarTypeEnum2.Boolean(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false }
+  }
+});
+var MemberUserModel = new SchemaModel2({
+  name: "MemberUser",
+  description: "Basic user info within a member",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var MemberModel = new SchemaModel2({
+  name: "Member",
+  description: "Organization member",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    organizationId: {
+      type: ScalarTypeEnum2.String_unsecure(),
+      isOptional: false
+    },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false },
+    user: { type: MemberUserModel, isOptional: false }
+  }
+});
+var InvitationModel = new SchemaModel2({
+  name: "Invitation",
+  description: "Organization invitation",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    status: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    expiresAt: { type: ScalarTypeEnum2.DateTime(), isOptional: true },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false }
+  }
+});
+var CreateOrgInputModel = new SchemaModel2({
+  name: "CreateOrgInput",
+  description: "Input for creating an organization",
+  fields: {
+    name: { type: ScalarTypeEnum2.NonEmptyString(), isOptional: false },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var GetOrgInputModel = new SchemaModel2({
+  name: "GetOrgInput",
+  description: "Input for getting an organization",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var UpdateOrgInputModel = new SchemaModel2({
+  name: "UpdateOrgInput",
+  description: "Input for updating an organization",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var InviteMemberInputModel = new SchemaModel2({
+  name: "InviteMemberInput",
+  description: "Input for inviting a member",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    teamId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var AcceptInviteInputModel = new SchemaModel2({
+  name: "AcceptInviteInput",
+  description: "Input for accepting an invitation",
+  fields: {
+    invitationId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var RemoveMemberInputModel = new SchemaModel2({
+  name: "RemoveMemberInput",
+  description: "Input for removing a member",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var MemberRemovedPayloadModel = new SchemaModel2({
+  name: "MemberRemovedPayload",
+  description: "Payload for member removed event",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var ListMembersInputModel = new SchemaModel2({
+  name: "ListMembersInput",
+  description: "Input for listing members",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    limit: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: true },
+    offset: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: true }
+  }
+});
+var ListMembersOutputModel = new SchemaModel2({
+  name: "ListMembersOutput",
+  description: "Output for listing members",
+  fields: {
+    members: { type: MemberModel, isOptional: false, isArray: true },
+    total: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: false }
+  }
+});
+var OrganizationWithRoleModel = new SchemaModel2({
+  name: "OrganizationWithRole",
+  description: "Organization with user role",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    onboardingCompleted: { type: ScalarTypeEnum2.Boolean(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var ListUserOrgsOutputModel = new SchemaModel2({
+  name: "ListUserOrgsOutput",
+  description: "Output for listing user organizations",
+  fields: {
+    organizations: {
+      type: OrganizationWithRoleModel,
+      isOptional: false,
+      isArray: true
+    }
+  }
+});
+var CreateOrgContract = defineCommand2({
+  meta: {
+    key: "identity.org.create",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "create"],
+    description: "Create a new organization.",
+    goal: "Allow users to create new organizations/workspaces.",
+    context: "Called during onboarding or when creating additional workspaces."
+  },
+  io: {
+    input: CreateOrgInputModel,
+    output: OrganizationModel,
+    errors: {
+      SLUG_EXISTS: {
+        description: "An organization with this slug already exists",
+        http: 409,
+        gqlCode: "SLUG_EXISTS",
+        when: "Slug is already taken"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.created",
+        version: "1.0.0",
+        when: "Organization is created",
+        payload: OrganizationModel
+      }
+    ],
+    audit: ["org.created"]
+  }
+});
+var GetOrgContract = defineQuery2({
+  meta: {
+    key: "identity.org.get",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "get"],
+    description: "Get organization details.",
+    goal: "Retrieve organization information.",
+    context: "Called when viewing organization settings or dashboard."
+  },
+  io: {
+    input: GetOrgInputModel,
+    output: OrganizationModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+var UpdateOrgContract = defineCommand2({
+  meta: {
+    key: "identity.org.update",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "update"],
+    description: "Update organization details.",
+    goal: "Allow org admins to update organization settings.",
+    context: "Organization settings page."
+  },
+  io: {
+    input: UpdateOrgInputModel,
+    output: OrganizationModel
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.updated",
+        version: "1.0.0",
+        when: "Organization is updated",
+        payload: OrganizationModel
+      }
+    ],
+    audit: ["org.updated"]
+  }
+});
+var InviteMemberContract = defineCommand2({
+  meta: {
+    key: "identity.org.invite",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "invite", "member"],
+    description: "Invite a user to join the organization.",
+    goal: "Allow org admins to invite new members.",
+    context: "Team management. Sends invitation email."
+  },
+  io: {
+    input: InviteMemberInputModel,
+    output: InvitationModel,
+    errors: {
+      ALREADY_MEMBER: {
+        description: "User is already a member of this organization",
+        http: 409,
+        gqlCode: "ALREADY_MEMBER",
+        when: "Invitee is already a member"
+      },
+      INVITE_PENDING: {
+        description: "An invitation for this email is already pending",
+        http: 409,
+        gqlCode: "INVITE_PENDING",
+        when: "Active invitation exists"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.invite.sent",
+        version: "1.0.0",
+        when: "Invitation is sent",
+        payload: InvitationModel
+      }
+    ],
+    audit: ["org.invite.sent"]
+  }
+});
+var AcceptInviteContract = defineCommand2({
+  meta: {
+    key: "identity.org.invite.accept",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "invite", "accept"],
+    description: "Accept an organization invitation.",
+    goal: "Allow users to join organizations via invitation.",
+    context: "Called from invitation email link."
+  },
+  io: {
+    input: AcceptInviteInputModel,
+    output: MemberModel,
+    errors: {
+      INVITE_EXPIRED: {
+        description: "The invitation has expired",
+        http: 410,
+        gqlCode: "INVITE_EXPIRED",
+        when: "Invitation is past expiry date"
+      },
+      INVITE_USED: {
+        description: "The invitation has already been used",
+        http: 409,
+        gqlCode: "INVITE_USED",
+        when: "Invitation was already accepted"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.member.added",
+        version: "1.0.0",
+        when: "Member joins org",
+        payload: MemberModel
+      }
+    ],
+    audit: ["org.member.added"]
+  }
+});
+var RemoveMemberContract = defineCommand2({
+  meta: {
+    key: "identity.org.member.remove",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "member", "remove"],
+    description: "Remove a member from the organization.",
+    goal: "Allow org admins to remove members.",
+    context: "Team management."
+  },
+  io: {
+    input: RemoveMemberInputModel,
+    output: SuccessResultModel,
+    errors: {
+      CANNOT_REMOVE_OWNER: {
+        description: "Cannot remove the organization owner",
+        http: 403,
+        gqlCode: "CANNOT_REMOVE_OWNER",
+        when: "Target is the org owner"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.member.removed",
+        version: "1.0.0",
+        when: "Member is removed",
+        payload: MemberRemovedPayloadModel
+      }
+    ],
+    audit: ["org.member.removed"]
+  }
+});
+var ListMembersContract = defineQuery2({
+  meta: {
+    key: "identity.org.members.list",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "member", "list"],
+    description: "List organization members.",
+    goal: "View all members of an organization.",
+    context: "Team management page."
+  },
+  io: {
+    input: ListMembersInputModel,
+    output: ListMembersOutputModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+var ListUserOrgsContract = defineQuery2({
+  meta: {
+    key: "identity.org.list",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "list"],
+    description: "List organizations the current user belongs to.",
+    goal: "Show user their organizations for workspace switching.",
+    context: "Workspace switcher, org selection."
+  },
+  io: {
+    input: null,
+    output: ListUserOrgsOutputModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+export {
+  UpdateOrgInputModel,
+  UpdateOrgContract,
+  RemoveMemberInputModel,
+  RemoveMemberContract,
+  OrganizationWithRoleModel,
+  OrganizationModel,
+  MemberUserModel,
+  MemberRemovedPayloadModel,
+  MemberModel,
+  ListUserOrgsOutputModel,
+  ListUserOrgsContract,
+  ListMembersOutputModel,
+  ListMembersInputModel,
+  ListMembersContract,
+  InviteMemberInputModel,
+  InviteMemberContract,
+  InvitationModel,
+  GetOrgInputModel,
+  GetOrgContract,
+  CreateOrgInputModel,
+  CreateOrgContract,
+  AcceptInviteInputModel,
+  AcceptInviteContract
+};